Second Request For Reconsideration 
USSN 09/891,545 

REMARKS 

Claims 1-13 are all the claims pending in the application. 

The rejection for anticipation by Provino is again traversed for the reasons set forth in the 
Request For Reconsideration filed July 26, 2006. The remarks of the examiner accompanying 
the Advisory Action mailed August 29, 2006 suggest that the examiner may not fully appreciate 
what is in fact claimed. 

As explained in paragraph [0028] of the substitute specification filed November 2, 2004, 
it is common for a Network Access Server (e.g., NAS 131 in Fig. 1) to assign the same IP 
address to two users connected to different VPNs. As explained in paragraphs [0031]-[0032] of 
the substitute specification, if a user 111 already connected to VPN 152 wants to communicate 
with a server 161 connected to VPN 151, without user 111 giving up its connection to VPN 152, 
a message is sent to the server 161 which will include as a source address the IP address of the 
user 111. If the server 161 replies to that IP address, there is ambiguity at the NAS 131 as to 
which of the users 111 and 112 (both having identical IP addresses) should receive the reply 
from server 161. 

This ambiguity is avoided by the present invention by having the NAS 131, when 
sending the original message to the server 161, sending it on a logical channel having an 
identifier which is the same as the identifier of the VPN to which the user 1 1 1 is connected. 
When the reply comes back from the server 161 on this logical channel, the NAS 131 knows that 
the reply message should be directed to the user 111. 
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The preamble of claim 1 sets the stage for the invention, i.e., a user connected to a VPN 
via a Network Access Server that has access to plural VPNs, with the user wanting to 
communicate with a device not connected to the same VPN (i.e., the "host" VPN) to which the 
user is currently connected. The first step in the method of claim 1 is the detection of a message 
sent from the user (e.g., user 111 connected to host VPN 152) to a communication device (e.g., 
server 161) which is not connected to the host VPN, while the user is connected to the host VPN. 
The next step is the directing of that message to a logical channel between the Network Access 
Server (e.g., NAS 131) and the communication device, with the logical channel having a logical 
channel identifier which is also the identifier of the host VPN to which the user is connected. 

Provino does teach a VPN 15. But to even begin matching the claim limitations to 

Pro vino we must have a user connected to VPN 1 5 who is sending a message to a device not 

connected to the VPN 15. The examiner talks about a secure tunnel between devices 12(m) and 

12(m'). But there is no discussion in Provino of one of the devices 12(m) being included within 

a VPN and trying to communicated with another device 12(m) outside of that VPN. So at least 

for this reason the subject matter of claim 1 cannot be inherent, it is at best possible. But more 

importantly, even if there were a secure tunnel between a device 12(m) connected to a VPN and 

another device 12(m) outside of that VPN, there is nothing in the existence of such a secure 

tunnel that requires that a message from the user within the VPN to a destination outside of the 

VPN be sent over a logical channel which has an identifier which is the same as the identifier of 

the VPN to which the sending user is connected. There are other ways that secure 

communications could be managed. Indeed, if there is only one VPN to which a particular 

Network Access Server has access, there will be no ambiguity as to which VPN a received 
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message should be routed. There will only be a single user with any given IP address, and the 
problem to which the present invention is directed does not even exist. Provino is completely 
silent on any of this, and it is very clear that the invention recited in claim 1 is neither shown nor 
suggested in Provino. 

Accordingly, allowance of all claims is respectfully requested. 

Respectfully submitted, 

/DJCushing/ 
David J. Cushing 
Registration No. 28,703 

Date: September 25, 2006 
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